Monday, April 23, 2012

PowerShell makes it very easy to take custom baselines and compare configurations against that baseline. One of the easiest examples is checking for changes to services. PowerShell has simple cmdlets for listing services, saving the results to a file, and comparing for differences. Here is a quick snippet of code that highlights what we are doing.

This will capture a baseline, stop your print spooler, then capture a current list. Then we compare a few properties. It will highlight that in one list the service is running and in the other it is not. If a service was added or removed, that would also be indicated. We can use this simple concept to build a configuration change tracking system.

I want to expand this a little bit into a script that I can run every week to show me the changes on my systems. Sounds easy enough, so let's see what we come up with.

Now I can run this any time I want to see when the services on this box change. I decided to use the WMI win32_service because it gives me a few more details, but it's the same idea. I wrote this in a very general way so it would be possible to run it on many machines.
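As an added example (not the author's original script), here is one way to implement the baseline-and-compare idea with Win32_Service across one or more machines. The parameter names, the baseline folder and the list of tracked properties are assumptions made for this illustration.

```powershell
# Added example: report Win32_Service drift against a saved per-machine baseline.
# Parameter names, the baseline folder and the property list are assumptions.
param(
    [string[]]$ComputerName = $env:COMPUTERNAME,
    [string]$BaselineDir = (Join-Path $env:ProgramData 'ServiceBaseline')
)

# A changed PathName (binary) or StartName (logon account) matters more
# than a State flip, so track those alongside State and StartMode.
$props = 'Name', 'State', 'StartMode', 'StartName', 'PathName'

function Get-ServiceSnapshot([string]$Computer) {
    $cim = @{ ClassName = 'Win32_Service' }
    # Query the local machine directly; remote machines go through WinRM.
    if ($Computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $Computer }
    Get-CimInstance @cim | Select-Object -Property $props | Sort-Object Name
}

if (-not (Test-Path $BaselineDir)) {
    New-Item -ItemType Directory -Path $BaselineDir | Out-Null
}

foreach ($computer in $ComputerName) {
    $file = Join-Path $BaselineDir "$computer.xml"
    $current = Get-ServiceSnapshot $computer

    if (-not (Test-Path $file)) {
        # First run: nothing to compare against, so record the baseline.
        $current | Export-Clixml -Path $file
        Write-Output "[$computer] baseline created with $(@($current).Count) services"
        continue
    }

    $baseline = Import-Clixml -Path $file
    # SideIndicator '<=' is the baseline value, '=>' is the current value.
    # A modified service appears twice; an added or removed one appears once.
    $diff = Compare-Object -ReferenceObject $baseline -DifferenceObject $current -Property $props

    if ($diff) {
        $diff | Sort-Object Name, SideIndicator |
            Select-Object @{n='Computer';e={$computer}}, SideIndicator,
                          Name, State, StartMode, StartName, PathName
    } else {
        Write-Output "[$computer] no service changes since baseline"
    }
}
```

The baseline file is never overwritten, so every run reports drift from the recorded state until the file is removed and recaptured. Keep the baseline folder writable only by administrators, since anyone who can edit the baseline can hide a change.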

I have several ideas for this going forward. I could easily schedule this and have the results emailed to me. I may also collect those baselines in a central location. Taking this a step further, I can have one task that checks AD for servers, then runs this once on each server. This would allow it to discover new servers and provide me a single report.
